WORKING _3dsecure and _storeremote Implementation Advice Needed

[<Coder />]

Hi All,

My first post here so forgive me if this has been covered thoroughly. I tried to search and trawl through the responses but the keywords appear to be vast amongst the forum posts.

I am working on an integration between a payment gateway and WHMCS. I have come across a couple of scenarios and am struggling to ascertain whether these are correct behaviours, or if I am missing key pieces to the integration puzzle.

 

Firstly, I have 3DSecure, Capture and StoreRemote functions in my custom module.

If a newly registered customer Updates there credit card details without a transaction first, the _StoreRemote function is not triggered, thus, despite having the _StoreRemote function present in the actively loaded module, the credit card details are stored on the merchants server.

If I’m not mistaken, is that not the entire point to the _StoreRemote function?

 

If a customer updates their credit card details via Profile option, or "Enter New Card" option of a new transaction, there is no area to enter (or confirm) billing address. This provides two scenarios:

We have to code to accept $params['clientdetails']['address1'] (and all other address fields as being the new card billing address, which, if it is not, will produce "Remote Transaction Failure" messages and/or AVS policy failure responses.

We have to ignore the address to avoid the aforementioned errors, but this would boycott the AVS scheme.

 

Also,

If the custom gateway module contains the _3dsecure function, this is what will get called after _StoreRemote.

This being the case, not every card is enrolled in the 3DSecure scheme and is controlled by the card issuer. This creates a situation where you have 3DSecure present in your custom gateway module, the card is not enrolled in the scheme, the transaction is processed, and irrespective of the response, the page is expecting the HTML code snippet for the 3DS authentication process.

 

What are we supposed to do here as I cannot find the documentation anywhere regarding this?

 

 

Lastly, if a module contains BOTH _StoreRemote and _3DSecure functions, this is incredibly bad it seems for the following reason:

If a customer enters a new set of card details (either profile or during a new transaction), at no point does the _StoreRemote function provide the same 3DSecure check as the _3DSecure function and as a result, the transaction can be processed without 3DSecure Authenticating (Recurring transactions will obviously not have been 3DSecure authenticated either), or, providing the customer with the generic "Remote Transaction Failure" response, which they won’t have a clue what the means.

 

 

With the above taken into consideration, the scenarios could occur with all three of those functions in a custom gateway module where, customers would get a lot of Remote Transaction Failures because we have coded it to tight and it is failing AVS or 3DSecure Authentication is missing, OR, we have coded to be flexible given the apparent limitations of the system but could possibly let transactions through which don’t have AVS, Postcode Check or 3DSecure check. I’m sure you'd agree, neither of these situations would be good for business.

 

 

As said before, I have had a look at the gateway dev kit documentation, which in my opinion is an extremely high level overview, the forums but was overwhelmed with the number of posts relating to the keywords, and the help guide but nothing I have read seems to clear these matters up.

 

 

Thanks in advance for any help/advice on the above, greatly appreciated. Any assistance will be rewarded by the appearance of an eagerly awaited payment gateway module in the addon store ;-)

 

 

P.S I deeply apologies for the length, I seriously struggled to trim down any further whilst maintaining the level of detail for my points to be understood properly!

[Chris-M]

Did you ever have any progress with this?

 

We are developing a similar module and are wondering if it's possible to return a more descriptive error message from the somegateway_storeremote() function in the event of an error. For example, the remote gateway rejects the card details. By default the customer gets a "Remote Transaction Failure. Please Contact Support" error - can we control what is shown at that stage?

 

Thanks,

Chris